After a major outage prevented customers from using voice and data services for nearly 24 hours, Canadian telecommunications provider Rogers apologized on Twitter and offered customers an automatic credit on their bills. Seeing an opportunity here, malicious actors began sending SMS messages pretending to be from the telecom and prompted recipients to click on a link to receive their $50 CAD refund. A screenshot of one of the messages shows that the attacker didn’t set up a domain, opting instead to send only an IP address.
Analyst Notes: When communicating via SMS, telecommunications providers typically opt to send messages from what is known as a “short code.” These are much shorter than typical phone numbers, making them stand out when receiving a message. Looking at the link as well, receiving an IP address rather than a domain should appear suspicious as well. If you are ever unsure about a message received by a company through email or SMS, visit that company’s website directly or try contacting them to verify it instead of clicking on the link.